Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kEvAnc1FIykP3qZYSz5KicJkCjA.roa
File:                     kEvAnc1FIykP3qZYSz5KicJkCjA.roa (raw, json)
Hash identifier:          isUT91uZs4NZ8F7nu/1KR8d2HfeBQ8W8SN7XPRVHHgY=
Subject key identifier:   90:4B:C0:9D:CD:45:23:29:0F:DE:A6:58:4B:3E:4A:89:C2:64:0A:30
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019D341CD92529F6696CA5BC33E4289F93A1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kEvAnc1FIykP3qZYSz5KicJkCjA.roa
Signing time:             Sat 28 Mar 2026 11:03:18 +0000
ROA not before:           Sat 28 Mar 2026 11:03:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        87.120.68.0/24 maxlen: 24
                          185.252.160.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:34:1c:d9:25:29:f6:69:6c:a5:bc:33:e4:28:9f:93:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 28 11:03:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=904bc09dcd4523290fdea6584b3e4a89c2640a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cb:ac:0c:8d:b4:30:e1:46:79:38:f8:f2:52:
                    fe:a0:9a:aa:d4:62:ff:b5:32:75:f4:ab:9b:fc:60:
                    3b:d8:89:87:77:48:60:48:92:ef:94:7d:17:df:9c:
                    4f:3a:57:ca:4d:fc:07:90:d3:2d:27:36:ae:11:bc:
                    66:c7:0f:0e:be:5d:b4:98:89:04:ac:08:e2:f2:16:
                    68:00:34:d4:bc:7b:ae:cd:24:c2:0b:ba:77:db:14:
                    40:5c:d9:a7:0e:13:38:0d:f8:0c:64:06:f4:fb:35:
                    7a:fb:d4:41:00:42:66:4a:c4:ba:b4:5a:46:35:ba:
                    60:28:7b:76:fc:25:57:fb:c1:02:bf:30:38:92:cf:
                    4a:d9:9a:ab:cd:ed:4c:3f:55:a4:d9:60:e7:55:19:
                    3c:7c:ef:df:8e:e9:2e:22:02:68:7c:d2:36:e2:4f:
                    81:34:b8:f2:dc:ff:ca:93:9e:27:4a:b2:08:10:54:
                    3c:b1:74:96:50:c1:f6:23:5f:97:88:f8:46:80:ef:
                    d5:d3:6a:06:66:7f:57:70:e0:f2:d7:08:a9:64:b9:
                    b9:d3:ba:d6:23:01:34:9c:2d:bb:6b:97:b1:2d:ee:
                    79:a9:58:4d:f8:5f:be:88:18:f9:b0:5e:fc:78:7a:
                    2c:d6:a0:ae:24:65:67:43:50:0f:0f:ee:69:d3:27:
                    bc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4B:C0:9D:CD:45:23:29:0F:DE:A6:58:4B:3E:4A:89:C2:64:0A:30
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kEvAnc1FIykP3qZYSz5KicJkCjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.68.0/24
                  185.252.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:75:86:6f:66:d0:fb:45:d2:81:40:fa:c2:a9:7d:00:7b:17:
         f1:3f:55:6b:45:e1:fc:2c:35:22:c5:51:ec:9f:30:1f:af:50:
         66:01:ba:32:6e:34:2f:87:da:4b:67:cb:58:cb:fa:ee:bc:44:
         d4:11:90:32:75:8f:5c:51:cd:fc:e6:cb:2f:49:98:ed:cd:c3:
         35:59:a4:85:37:43:c3:5e:f5:dd:27:dd:db:d6:f1:87:fb:6c:
         6c:b8:69:1f:d6:5d:c2:02:d9:c1:3d:c8:e6:8a:19:fc:a8:ae:
         a6:5a:26:3e:e0:8d:24:48:0c:b0:15:79:56:b7:0f:be:08:23:
         34:6c:34:55:06:cc:03:ba:11:6c:0b:34:6a:ad:f9:26:6a:e9:
         ba:a2:86:53:37:38:fc:be:38:bc:18:51:26:dc:c3:f7:bd:d6:
         be:4f:28:81:c8:5d:25:ea:a7:0f:dd:da:95:13:44:ed:be:5d:
         a0:d2:cf:1d:b2:cf:72:bb:7c:4f:92:ea:20:bb:61:37:6f:cd:
         2c:f2:23:de:33:31:cd:d7:e9:01:5e:82:c8:9e:78:5d:0f:d0:
         ef:c1:c9:8b:94:e3:12:e6:43:41:31:56:6d:d0:d5:a6:a6:c6:
         7a:c4:4f:76:3b:51:39:d2:6f:f2:1f:90:a4:03:b5:b9:ed:b9:
         25:b7:b9:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ00HNklKfZpbKW8M+Qon5OhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzI4MTEwMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRiYzA5ZGNkNDUyMzI5MGZkZWE2NTg0YjNlNGE4OWMyNjQwYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsusDI20MOFGeTj48lL+oJqq1GL/
tTJ19Kub/GA72ImHd0hgSJLvlH0X35xPOlfKTfwHkNMtJzauEbxmxw8Ovl20mIkE
rAji8hZoADTUvHuuzSTCC7p32xRAXNmnDhM4DfgMZAb0+zV6+9RBAEJmSsS6tFpG
NbpgKHt2/CVX+8ECvzA4ks9K2Zqrze1MP1Wk2WDnVRk8fO/fjukuIgJofNI24k+B
NLjy3P/Kk54nSrIIEFQ8sXSWUMH2I1+XiPhGgO/V02oGZn9XcODy1wipZLm507rW
IwE0nC27a5exLe55qVhN+F++iBj5sF78eHos1qCuJGVnQ1APD+5p0ye85wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBLwJ3NRSMpD96mWEs+SonCZAowMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva0V2QW5jMUZJeWtQM3FaWVN6NUtpY0prQ2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3hEAwQB
ufygMA0GCSqGSIb3DQEBCwUAA4IBAQCjdYZvZtD7RdKBQPrCqX0AexfxP1VrReH8
LDUixVHsnzAfr1BmAboybjQvh9pLZ8tYy/ruvETUEZAydY9cUc385ssvSZjtzcM1
WaSFN0PDXvXdJ93b1vGH+2xsuGkf1l3CAtnBPcjmihn8qK6mWiY+4I0kSAywFXlW
tw++CCM0bDRVBswDuhFsCzRqrfkmaum6ooZTNzj8vji8GFEm3MP3vda+TyiByF0l
6qcP3dqVE0Ttvl2g0s8dss9yu3xPkuogu2E3b80s8iPeMzHN1+kBXoLInnhdD9Dv
wcmLlOMS5kNBMVZt0NWmpsZ6xE92O1E50m/yH5CkA7W57bklt7m8
-----END CERTIFICATE-----